rht-labs / api-design Goto Github PK

Needs to be modelled independent of an Engagement

These will need an SSH key somewhere in Jenkins as well as OCP BuildConfigs

We are currently trying to implement the automation of users into the IdM. The api spec currently has a list of users at the engagement level called team. However, this does not support the idea that users can belong to different groups on the team.

Current:

  "team":  [
      { "user_name": "kmcanoy" }, 
      { "user_name": "obedin" }, 
      { "user_name": "jholmes" } 
    ]

Instead we would like to add the groups as well and have the users be attached to the groups that they belong to

  "team": {
    "users" : [
      { "user_name": "kmcanoy" }, 
      { "user_name": "obedin" }, 
      { "user_name": "jholmes" } 
    ],
    "groups": [
      { 
        "name": "admin",
        "members": [
          { "user_name": "kmcanoy" }, 
          { "user_name": "obedin" }, 
          { "user_name": "jholmes" }
        ]
      },
      {
        "name": "devops",
        "members": [
          { "user_name": "jholmes" }
        ]
      },
      {
        "name": "developer",
        "users": [
          { "user_name": "kmcanoy" }
        ]
      }
    ]
  }
}

Requires new team object with user array and group array. Modified group object with user array

This won't effect the group_to_role mapping

Check out https://github.com/rht-labs/api-design/blob/master/swagger.yaml#L1044

The definition OpenshiftCluster is referencing openshift but there is no Openshift defined.

OpenshiftCluster:
....
openshift:
$ref: '#/definitions/Openshift'
openshift_resources_to_create:
$ref: '#/definitions/OpenshiftResources'
openshift_host_env:
type: string
image_registry:
$ref: "#/definitions/ImageRegistry

Add timestamp to enable the expiration of a user

There is no 201 for the resources.

e.g. oc tag vs docker pull/tag/push

http://martinfowler.com/bliki/DDD_Aggregate.html

The id in the model route is specified as string. It should be configured so that the code-gen creates a Long instead of a String in Java.

See rht-labs/ansible-stacks#30

Cluster should have volumes
Project should have claim
App should use the claim name

The model is built around single container pods, and thus all the down stream automation is as well. This is a common scenario, so likely not problematic.

Currently we require implementations to infer the existence of images that can be promoted between namespaces. This should be made explicit, so tools know what images can be promoted and therefore can ensure the prerequisites are in place.

Where it makes sense, align our language to http://label-schema.org/rc1/

So we can support oc expose svc --path

Move to infra focused API object

e.g. slack / jira need to be supported

So we can do stuff like

oc policy add-role-to-group view system:serviceaccounts

consider an abstraction vs concretion domain split in the model

e.g. sonar and cucumber

This is currently supported as a private feature of stacks. See rht-labs/ansible-stacks#71

OpenshiftCluster => OpenShiftCluster
revaluate ImageRegistry object
app is missing buildTool, buildAppCommands, buildImageCommands and deployImageCommands

also ask ourselves if all deployments need to be image centric? perhaps change the name deployApp / buildApp?

Add ids to model.

• Service
• Port
• LabelSelector
• Service
• Port
• ClaimType

Actual:

role_mapping/json

role/json

Expected:

application/json

Will add more as needed

• engagement.openshift_cluster => engagement.openshift_clusters
• openshift_cluster.openshift_resources_to_create => openshift_cluster.openshift_resources
• add user.user_name

The current swagger api definition has one sided references between models, this cause an issue with JPA xml, as there are no elements in the xml for the corresponding elements.

We are running into an issue in ansible-stacks because when we pass an engagement json to ansible with the field groups we then have to access it like {{ groups }} which is a reserved variable in ansible. Instead use the term user_groups. See ansible-stacks issue rht-labs/ansible-stacks#61

See rht-labs/ansible-stacks#29

We should leverage the Description field better to document the API, in particular any decisions made that will be hard to backtrack later on - i.e.: if a field is added that doesn't directly map to a core feature/functionality, we need to ensure it is documented for future reference. Overall, just need better documentation.

Look to use one of the tools in http://swagger.io/open-source-integrations/

Also add in service account

https://github.com/rht-labs/api-design/blob/master/ansible-stack-swagger-.0.2.0.yaml#L132

As an alternative to granting access to a long list of users, we should support using group memberships (i.e.: part of LDAP) for granting roles, etc.

The model is built around single container pods, and thus all the down stream automation is as well. This is a common scenario, so likely not problematic. This ticket is here just to capture that we have this limitation

• validate that the schema is legal
• generate clients

Essentially this would make our API Application centric, as opposed to Engagement or OpenShiftCluster centric

Here is the relevant output of the code gen for SpringBoot

        return new ApiInfoBuilder()
            .title("EMdP modeling and API design")
            .description("No descripton provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)")
            .license("")
            .licenseUrl("")
            .termsOfServiceUrl("")
            .version("0.2.0")
            .contact(new Contact("","", ""))
            .build();
    }

• Networking
• Sizing (# of nodes)
• Labels
• Infra Nodes
• Certs
• etc